General
Target: Dexo.exe
Size: 70.7MB
Sample: 231208-t1kcqabagj
MD5: 44d7fb54475ab7a7fe1e5784eba642e8
SHA1: 639603626a24c7734c51dd30b0084d9318930a7b
SHA256: 2f47c1489a1484d1ef779ddaab01e9bee35210ad9c36a696ae1917a15b5628e5
SHA512: 113b3778e8ac066793ce396b7f9c26f3af63565846cf97b27cf2ea2f3d7078659dbe399e30247be182520440414f4def125b8d42ffb0ec0a41ab12778333aea5
SSDEEP: 1572864:G4/4rzOchPDjhr5Vig5tA8L2ownv/FuRC/B1QDppZnEgBxAOZV1GJ7:NkqcdDjVegb2nvMw/3QFD9Bun7
Static task: static1
Behavioral task: behavioral1 (Sample: Dexo.exe, Resource: win7-20231023-en)
Behavioral task: behavioral2 (Sample: Dexo.exe, Resource: win10-20231129-en)
Behavioral task: behavioral3 (Sample: Dexo.exe, Resource: win10v2004-20231127-en)
Behavioral task: behavioral4 (Sample: Dexo.exe, Resource: win11-20231128-en)
Malware Config
Targets
Target: Dexo.exe
Score: 10/10
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
Irata payload
Executes dropped EXE
Loads dropped DLL